General

  • Target

    RECEIPT.zip

  • Size

    1.8MB

  • Sample

    220613-v793dshfgk

  • MD5

    8a24e0d06efc612ccc2415d8c016bccc

  • SHA1

    7e4a4fce1148a87f3d857fe8af5fbbb95b68deb2

  • SHA256

    c3c8d337313ba9ba442de6db900bf5a1c95373450a907d011ca319908d921057

  • SHA512

    aa98a0be5ddf5cdd2b9215271724d8b50d96a1e5a1c80e586638d7746cb2ac84a9046fd5f15cdcaa5ce647d043163ae601a08bb85170eef5564ab1adfec5b020

Score
10/10

Malware Config

Extracted

  • Family

    bitrat

  • Version

    1.38

  • C2

    bitrat9300.duckdns.org:9300

  • Attributes

    • communication_password

      e10adc3949ba59abbe56e057f20f883e

    • tor_process

      tor

Targets

    • Target

      R0DJFF6DH_ETRANSFER_RECEIPT.exe

    • Size

      300.0MB

    • MD5

      226fb5752aa6f88a83ff3b5fd793ed3e

    • SHA1

      e47d89197c492285ed0e21ba88d8c6dc57b53b28

    • SHA256

      b7bc9c6c715db6abe6707205e70f685422aedf9c881beda92fff27a4fafdc4cb

    • SHA512

      7cf758e2846db04570cb00731a629d9fe282c5fd39c3b50e2238209e2341c4aa10944ed81d9971a8db475fd421d90aaec0b59722be522706dccf482eae138156

    Score
    10/10

    • BitRAT

      BitRAT is a remote access tool written in C++ and uses leaked source code from other families.

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  • Execution

    Scheduled Task (T1053): 1

  • Persistence

    Scheduled Task (T1053): 1

  • Privilege Escalation

    Scheduled Task (T1053): 1

Tasks